- Posted April 04, 2025
- Technical Advisories
The National Cyber Security Centre and international partners are warning against a malicious cyber technique known as fast flux that presents a persistent threat to network security. Many networks have a gap in their defences for detecting and blocking this malicious technique.
Fast flux enables cyber actors to consistently evade detection and is used by nation-state actors and cyber criminals to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records.
This technique also allows malicious actors to create resilient, highly available command and control (C2) infrastructure, which conceals their subsequent malicious operations. This resilient and fast-changing infrastructure makes tracking and blocking of malicious activities that use fast flux more difficult.
This advisory warns organisations, internet service providers (ISPs), and cyber security service providers (CSPs) of the ongoing threat of fast flux-enabled malicious activities and the gap that many networks have in defending against it.
We encourage ISPs and CSPs, especially Protective DNS (PDNS) providers, to help mitigate this threat by taking proactive steps to develop accurate and reliable fast flux detection analytics and block these activities for their customers.
This advisory also provides guidance on detecting and mitigating fast flux by adopting a multi-layered approach that combines DNS analysis, network monitoring, and threat intelligence to protect networks against fast flux operations.
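The DNS-analysis layer can be illustrated with a short added example (not code from the advisory or the authoring agencies): it scans DNS answer logs for names whose A records rotate across many addresses and networks with short TTLs inside one time window. The record layout, thresholds, allowlist and sample data are assumptions constructed for illustration and need tuning against a network's own baseline, since content delivery networks can show similar rotation.

```python
from collections import defaultdict
from statistics import median

# Illustrative thresholds (assumptions, not values from the advisory).
WINDOW_S = 3600    # look-back window in seconds
MIN_IPS = 5        # distinct answer IPs within the window
MIN_NETS = 3       # distinct /24 networks within the window
MAX_TTL_S = 300    # median TTL at or below this counts as "short"

# Constructed sample log: (epoch_seconds, qname, answer_ip, ttl).
# Reserved .example names and documentation address ranges only.
SAMPLE = (
    [(1000 + 300 * i, "flux.example", ip, 60) for i, ip in enumerate(
        ["192.0.2.10", "198.51.100.7", "203.0.113.44",
         "192.0.2.99", "198.51.100.201", "203.0.113.5"])]
    + [(1000 + 300 * i, "cdn.example", f"192.0.2.{20 + i}", 30) for i in range(6)]
    + [(1000 + 600 * i, "www.example", "198.51.100.80", 3600) for i in range(4)]
)

def flux_candidates(records, allowlist=frozenset()):
    """Return {qname: stats} for names that look like fast flux in any window."""
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name.lower().rstrip(".")].append((ts, ip, ttl))
    flagged = {}
    for name, rows in by_name.items():
        if name in allowlist:          # known CDNs / load balancers
            continue
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than WINDOW_S seconds.
            while rows[end][0] - rows[start][0] > WINDOW_S:
                start += 1
            window = rows[start:end + 1]
            ips = {ip for _, ip, _ in window}
            nets = {ip.rsplit(".", 1)[0] for ip in ips}   # IPv4 /24 prefix
            ttl = median(t for _, _, t in window)
            if len(ips) >= MIN_IPS and len(nets) >= MIN_NETS and ttl <= MAX_TTL_S:
                flagged[name] = {"ips": len(ips), "nets": len(nets), "median_ttl": ttl}
                break
    return flagged

if __name__ == "__main__":
    for name, stats in flux_candidates(SAMPLE).items():
        print(name, stats)
```

Requiring network diversity as well as address count keeps a single-subnet rotation such as the constructed `cdn.example` out of the results; flagged names are candidates for review against threat intelligence, not confirmed detections.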
The authoring agencies recommend government and critical infrastructure organisations close this ongoing gap in many networks’ defences by using cyber security and PDNS services that block malicious fast flux activity.
By implementing robust detection and mitigation strategies, organisations can significantly reduce their risk of compromise by fast flux-enabled threats.
The NCSC will add any fast flux indicators to the Malware Free Networks Service (MFN) feed if they become available.
For any questions about this advisory, contact: info@ncsc.govt.nz
Read "Fast Flux: A National Security Threat" on CISA's website.